Cryptographic audit

ABSTRACT

Method, system, and computer program products for identifying potentially fraudulent receivers of digital content. A receiver authenticates to an auditing service with data that should be unique to the receiver. The auditing service detects when multiple receivers attempt to authenticate with the same data, suggesting that a receiver has been cloned or duplicated. The audit service also detects when a receiver authenticates improperly, suggesting an unsuccessful and unauthorized attempt to duplicate an authorized receiver. Individual receivers may be networked together. To help protect a receiver&#39;s authentication data from tampering, at least a portion of the data may be digitally signed with a private key. The audit service may then verify the digital signature with a corresponding public key. Varying the order in which data is signed or where the data is stored from one receiver or group of receivers to another may provide an additional level of security.

BACKGROUND OF THE INVENTION

[0001] 1. The Field of the Invention

[0002] The present invention relates to digital content broadcastsystems. More specifically, the present invention relates to methods,systems, and computer program products for identifying potentiallyfraudulent digital content receivers.

[0003] 2. Background and Related Art

[0004] One problem that subscription-based broadcast systems often faceis theft of service. Theft of service occurs when someone is able toreceive the benefits reserved for subscribers, without paying theassociated cost. Illicit connections to cable systems and clonedreceivers for satellite systems are examples of theft of service. Theftof service operates principally to the determent of the service providerin the form of lost subscription revenue. A related problem, theft ofcontent involves unauthorized use of content, independent of whether ornot someone is a subscriber. Redistributing content to unauthorizedconsumers is an example of theft of content. Theft of content deprivesthe content owner of royalties or licensing revenue.

[0005] Theft of service is becoming increasingly significant with theimproved quality of digital broadcasts. Furthermore, the advent ofenvironments such as home media servers and networks with the ability tostore and redistribute content to local nodes within the network amplifythe problems associated with theft of service because, among otherthings, digital content is less susceptible to losses in quality thananalog content. When digital content may be obtained, these and otheradvantages make theft of service an attractive prize.

[0006] Therefore, it is important to protect against theft of service.However, there is a practical economic limit to the resources that maybe devoted to preventing theft of service. At some point, preventingtheft of service is no longer economically viable because the addedexpense of the extra protection does not offer sufficient monetaryreturn to justify its implementation. Thus, effective security measuresthat have low implementation costs are highly desirable.

BRIEF SUMMARY OF THE INVENTION

[0007] The present invention is useful in identifying potentiallyfraudulent receivers of digital content. At some point in time,receivers communicate with an auditing service. During thiscommunication, the receivers authenticate to the auditing service.Because the authentication includes data that should be unique to eachreceiver, the auditing service is able to detect when multiple receiversattempt to authenticate with the same data, indicating that one or morereceivers have been duplicated. Similarly, the auditing service is ableto detect when a receiver authenticates improperly, indicating anunsuccessful attempt at duplicating an authorized receiver.

[0008] Individual receivers may be networked together, such as in avideo network. Only one of the networked receivers need operate as agateway for receiving broadcast digital content from a content source.Other local receivers may access digital content from the gatewayreceiver, rather than the broadcast source. The gateway receiverauthenticates local receivers and stores corresponding representationsof at least a portion of the authentication data. When the gatewayreceiver authenticates to the audit service, at least a portion of thestored authentication data for the local receivers is provided as well.By receiving authentication data for local receivers from gatewayreceivers, the audit service is able to detect potentially fraudulentlocal receivers, even if the audit service does not have any directcontact with the local receivers.

[0009] To help protect a receiver's sensitive and other data fromtampering, at least a portion of the data may be digitally signed with aprivate key. This allows the audit service to verify the digitalsignature with a public key. Varying the order in which data is signedfrom one receiver or group of receivers to another may provideadditional security. With this additional level of security, even if thesecurity for one receiver is breached, other receivers remain secure. Afurther level of security may be achieved by varying the location whereauthentication data is stored from one receiver or group of receiver toanother, scrambling the memory locations for accessing the data, and/orencrypting the data.

[0010] Additional features and advantages of the invention will be setforth in the description which follows, and in part will be obvious fromthe description, or may be learned by the practice of the invention. Thefeatures and advantages of the invention may be realized and obtained bymeans of the instruments and combinations particularly pointed out inthe appended claims. These and other features of the present inventionwill become more fully apparent from the following description andappended claims, or may be learned by the practice of the invention asset forth hereinafter.

BRIEF DESCRIPTION OF THE DRAWINGS

[0011] In order to describe the manner in which the above-recited andother advantages and features of the invention can be obtained, a moreparticular description of the invention briefly described above will berendered by reference to specific embodiments thereof which areillustrated in the appended drawings. Understanding that these drawingsdepict only typical embodiments of the invention and are not thereforeto be considered as limiting its scope, the invention will be describedand explained with additional specificity and detail through the use ofthe accompanying drawings in which:

[0012]FIG. 1 shows an exemplary network of digital content receiversthat provides a suitable environment for practicing the presentinvention;

[0013]FIG. 2 illustrates further detail for one of the digital contentreceivers shown in FIG. 1;

[0014]FIG. 3 is a block diagram showing an exemplary data storecontaining data for authenticating a receiver in accordance with thepresent invention;

[0015]FIG. 4 is a flow diagram, from the perspective of a receiver,illustrating exemplary acts and steps for methods according to thepresent invention; and

[0016]FIG. 5 is a flow diagram, from the perspective of an auditservice, illustrating exemplary acts for methods according to thepresent invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0017] The present invention extends to methods, systems, and computerprogram products for identifying potentially fraudulent digital contentreceivers. By authenticating to an audit service with at least some datawhich should be unique to individual receivers, the audit service isable to identify when a receiver authenticates properly; when multiplereceivers authenticate with the same data, suggesting an illicit attemptto copy an authorized receiver; when a receiver authenticatesimproperly, suggesting a failed attempt to copy an authorized receiver;when a receiver has not authenticated; etc. Embodiments of the presentinvention may comprise one or more special purpose or general purposecomputers including various computer hardware, as discussed in greaterdetail below.

[0018] Embodiments within the scope of the present invention alsoinclude computer-readable media for carrying or havingcomputer-executable instructions or data structures stored thereon. Suchcomputer-readable media may be any available media that can be accessedby a general purpose or special purpose computer. By way of example, andnot limitation, such computer-readable media can comprise RAM, ROM,EEPROM, flash memory cards, DVDs, CD-ROM, or other optical disc storage,magnetic cassettes, magnetic disk storage or other magnetic storagedevices, or any other medium which can be used to carry or store desiredprogram code means in the form of computer-executable instructions ordata structures and which can be accessed by a general purpose orspecial purpose computer.

[0019] The present invention may be described in the general context ofcomputer-executable instructions, such as program modules, beingexecuted by computers in network environments. Generally, programmodules include routines, programs, objects, components, datastructures, etc. that perform particular tasks or implement particularabstract data types. Computer-executable instructions, associated datastructures, and program modules represent examples of the program codemeans for executing steps of the methods disclosed herein. Theparticular sequence of such executable instructions or associated datastructures represents examples of corresponding acts for implementingthe functions described in such steps.

[0020] Those skilled in the art will appreciate that the invention maybe practiced in network computing environments with many types ofcomputer system configurations, including personal computers, hand-helddevices, multi-processor systems, microprocessor-based or programmableconsumer electronics, network PCs, minicomputers, mainframe computers,and the like. The invention also may be practiced in distributedcomputing environments where tasks are performed by local and remoteprocessing devices that are linked (either by hardwired links, wirelesslinks, or by a combination of hardwired or wireless links) through acommunications network. In a distributed computing environment, programmodules may be located in both local and remote memory storage devices.

[0021] When information is transferred or provided over a network oranother communications connection (either hardwired, wireless, or acombination of hardwired or wireless) to a computer, the computerproperly views the connection as a computer-readable medium. Thus, anysuch connection is properly termed a computer-readable medium.Combinations of the above should also be included within the scope ofcomputer-readable media. In generally, the computer-executableinstructions of a computer readable medium may comprise any instructionsand/or data which cause a general purpose computer, special purposecomputer, or special purpose processing device to perform a certainfunction or group of functions.

[0022]FIG. 1 and the corresponding discussion provide a generaldescription of a video network 100 in which the present invention mayoperate. The video network 100 includes a video management system 110that receives video input 101, performs appropriate processing on thevideo, and then distributes the video directly to a display device 111and/or to a video node such as one or more of video nodes 120-123. Forvideo network 100, management system 110 functions as a gateway byreceiving broadcast digital content through video input 101 andproviding local receivers, such as video nodes 120-123, with access tothe received digital content.

[0023] In general, the term “gateway receiver” will be used in referringto a receiver that usually receives digital content from a broadcastsource, and the term “local receiver” will be used in referring to areceiver that usually receives digital content from a gateway receiver.It should be noted, however, that a receiver may operate as a gatewayreceiver at one time and as a local receiver at another. Therefore, inthe broadest sense, “gateway” and “local” are used merely as labels todifferentiate one receiver from another, without imposing any limitationon the operation of a receiver, whatsoever. It should be noted that thepresent invention does not necessarily require more than one receiver.

[0024] Communication between a gateway receiver, such as managementsystem 110, and local receivers, such as video nodes 120-123, may beencrypted to secure any exchange of data, including digital content,encryption keys, etc. In one embodiment gateway receivers and localreceivers mutually authenticate each other with public key certificates(which are more fully described in reference to FIG. 3) and bysatisfying a challenge that requires use of a corresponding private key.A device birthmark (also described more fully in conjunction with FIG.3) may be communicated during authentication. It should be noted thatauthentication usually implies identification using cryptographictechniques, but as used in this application, authentication may beinterpreted more broadly to encompass more generalized forms ofidentification. The protocol for authentication may be modeled onwell-known authentication mechanisms, including secure sockets layer(“SSL”) transport layer security (“TLS”), and the like.

[0025] Video input 101 may be received from any of a variety ofbroadcast sources, including cable and satellite service providers.Although video input 101 may primarily receive video content, it shouldbe understood that the present invention is not limited to anyparticular content. For example, it is becoming increasing popular forcontent providers to broadcast digital audio. Furthermore, broadcaststreams may be multiplexed to allow for the broadcast of virtually anytype of digital content, including executable software, scripts, markedup text and data, etc. The present invention does not require managementsystem 110 to operate as a gateway receiver for any particular type ofcontent. Similarly, video nodes 120-123 may be any type of consumerelectronics device, including game consoles, tuners, recorders, personalcomputers, handheld computing devices, etc., capable of receivingcontent from a gateway receiver, such as management system 110. Whichtypes of consumer electronics devices are suitable for use as a localreceiver may depend on the type of digital content that managementsystem 110 receives.

[0026] Typically, at least a portion of the digital content received bymanagement system 110, is intended only for authorized receivers. Inother words, management system 110 should have a valid subscription inorder to receive certain digital content from the content serviceprovider. In order to obtain digital content without subscribing, theftof service may be attempted, such as by cloning an existing authorizedreceiver or by creating a counterfeit receiver. For video network 100,an illicit gateway receiver or an illicit local receiver may be used fortheft of service. How the present invention addresses theft of servicewill be discussed in more detail below, particularly in connection withFIGS. 3-5.

[0027] In addition to video input 101, video network 100 and managementsystem 110 may connect to network 103 through connection 102. Whereasvideo input 101 usually is a one-way broadcast communication channel,connection 102 with network 103 supports two-way communication. In oneembodiment, connection 102 is an Internet connection, but the presentinvention is not limited to any specific technology. At some point intime, management system 110 authenticates to audit service 104 throughnetwork 103. As part of this authentication, a gateway receiver may sendall or a portion of a data store, such as data store 228 of FIG. 2, tothe audit service 104.

[0028] This authentication permits audit service 104 to determine ifmultiple receivers provide the same authentication, suggesting that agateway receiver has been cloned, and to determine if a gateway receiverauthenticates improperly, suggesting a counterfeit gateway receiver. Ofcourse, audit service 104 determines when a receiver properlyauthenticates, and also may determine if a receiver has notauthenticated within a particular period of time. The connection betweenmanagement system 110 and audit service 104 may be encrypted duringauthentication. For example, in one embodiment secure IP or IPsecprovides for encrypted communication between management system 110 andaudit service 104.

[0029] The local receivers, such as video nodes 120-123, authenticate toa gateway receiver, such as management system 110. The gateway receiverstores authentication data for each of the video nodes thatauthenticates. In one embodiment, this stored authentication dataincludes the public key for each authenticated video node. At least aportion or representation of this authentication data for the localreceivers is sent to the auditing service 104 as well. The localreceiver authentication data allows the audit service to identifypotentially fraudulent local receivers, such as cloned and counterfeitlocal receivers. For example, receiving the same authentication data formultiple local receivers is an indication that local receivers are beingcloned. If a local receiver provides invalid authentication to a gatewayreceiver, the gateway receiver may determine that access to digitalcontent will not be allowed.

[0030] As used in this application, an audit service, such as auditservice 104, should be interpreted broadly to encompass a wide range ofoperation. The audit service 104 need not comprise any particularhardware or software configuration. Audit service 104 need only includesufficient authentication information to authenticate gateway receivers.Audit service 104 may independently verify the authentication of localreceivers or simply may accept representations of local receiverauthentication data that are provided by a gateway receiver.Representations of local receiver authentication data include, but arenot limited to, the local receiver authentication data that is receivedby a gateway receiver or portions thereof, data derived or calculatedfrom the local receiver authentication data, etc., and/or combinationsof the foregoing. The particular authentication information stored ataudit service 104 depends largely on how gateway receivers (and possiblylocal receivers) authenticate. For example, in one embodiment auditservice 104 stores a copy of the system data store 228 that is describedbelow in connection with FIG. 2 and FIG. 3. Alternatively, audit service104 may store only a portion of system data store 228 or data derived orcalculated from the system data store 228 etc., and/or combinations ofthe foregoing.) More detail for examples of how gateway receivers andlocal receiver may authenticate will be provided below with respect toFIG. 3.

[0031] In one embodiment, video management system 110 has relativelyhigh storage and processing capabilities as compared to the video nodes120-123. Accordingly, the video management system 110 performs the bulkof the video processing on the video input. For example, the videomanagement system 110 may decrypt, resize, and convert the input videoto different formats as needed. In addition, the video management system110 may process the video to minimize the memory and network bandwidthrequirements of the video network 100. Video management system 110 maydecrypt received content, re-encrypt the content using it own key, andwrite the content to a hard drive. The content remains in MPEG2 format.From the hard drive, the data may be decrypted and forwarded to an MPEGdecoder for viewing, or decrypted and then re-encrypted for transmissionto a video node that will perform the needed MPEG decoding.

[0032] Video nodes 120-123, on the other hand, have lower storagecapabilities and perform more rudimentary video processing. For example,the video nodes 120-123 have the ability to tune to a video channel andsupply such tuning information to the video management system 110 or torequest channel selection at the video management system 110. Inaddition, the video nodes 120-123 receive processed video from the videomanagement system 110, prepare the processed video for display on thecorresponding display device 130-133, and then forward the finalprocessed video to the corresponding display device. In one embodiment,video nodes 120-123 receive and decode MPEG2 video for display.Accordingly, the complexity of the video management system 110 allowsfor relatively less complex designs in the video nodes 120-123. Forexample, video nodes 120-123 do not to decrypt the incoming broadcastcontent, manage a hard disk, etc.

[0033]FIG. 2 illustrates an example application specific integratedcircuit (“ASIC”) 210 for one of the digital content receivers shown inFIG. 1. Of course, the present invention may be practiced in a varietyof environments and is in no way limited to the specific example shownin FIG. 2. The ASIC 210 includes a number of components that communicateover a control bus 211 and a memory bus 212. The control bus 211 carriesrelatively low bandwidth control information that controls the operationof each of the components of the ASIC 210. The memory bus 212 carrieshigher bandwidth information such as video information between each ofthe components of the ASIC 210 and memory. A bus management unit 213manages the communication over the control bus 211 and also interfaceswith a processor 214 and a PCI bus 215.

[0034] The processor 214 oversees the general video processing bydispatching instructions over the control bus 211 instructing thevarious components of the ASIC 210 to perform their specialized tasks.The processor 214 also monitors the progress of such tasks, thuscontrolling the various components of ASIC 210 in a coordinated fashion.The processor 214 may be any processor capable of performing suchoversight functions including a MIPS or X86 architecture processor.

[0035] Typically, memory is required to perform such coordinatedoperations. Accordingly, the ASIC 210 has access to one or more memorysubsystems 216 which provide volatile memory that is shared between thecomponents of the ASIC 210. The memory subsystems 216 may be any memorysubsystem that allows for rapid access to stored information. Forexample, the memory subsystems 216 may be SRAM or DRAM.

[0036] A memory unit 217 communicates directly with the memorysubsystems 216. The memory unit 217 is more efficient if there arelarge, less frequent accesses to the memory subsystems 216. However,many of the components of the ASIC 210 may operate most efficiently whenthere are smaller, but more frequent memory transactions. The directmemory access (“DMA”) unit 218 acts as a buffering interface such thatthe components may have small, frequent transactions with the DMA unit218, while leaving it up to the DMA unit 218 to bundle the smallertransactions into larger, less frequent transactions for the memory unit217 to conduct with the memory subsystems 216. In this manner, when acomponent needs to access the memory subsystems 216, the componenteither communicates directly with the memory unit 217 or communicatesthrough the DMA unit 218 depending on the nature of the transaction.

[0037] A universal serial bus (“USB”) interface 219 is capable ofrunning a universal serial bus. The USB unit 219 may be any conventionalUSB interface that is capable of interfacing with the control bus 211and the memory bus 212.

[0038] A device unit 221 includes interfaces for a number ofmiscellaneous devices. For example, the device unit 221 contains abi-directional interface for an I2C bus 222 for communication withexternal components, a bi-directional interface for a smart card 223, abi-directional infra red (“IR”) serial interface 224, and abi-directional ISA/IDE bus 225 that interfaces with a read only memory226, a hard disk drive 227, and a system data store 228, as well as anumber of other devices such as a DVD-ROM drive. Alternatively, thesystem data store 228 may be attached to the I2C bus 222.

[0039] System data store 228 is read only or write-once memory forstoring certain receiver unique information that will be described ingreater detail below, with respect to FIG. 3. In general, at leastportions of the receiver unique information will be used to authenticatethe receiver to other receivers or devices. In one embodiment, systemdata store 228 is an EEPROM with the write protect fuses blown. Inanother embodiment, system data store 228 is an ASIC attached to I2C bus222. Nevertheless, the present invention is not necessarily limited toany particular type of storage for system data store 228 and is notlimited to any particular bus for interfacing with system data store228.

[0040] A graphics unit 242 comprises a 3-D graphic rendering engine thatmay be, for example, an eight million polygon DirectX7 compatible 3-Dgraphics unit.

[0041] An audio unit 229 drives a PC audio interface 230 such as anAC'97 audio interface that may receive or transmit audio. The audio unit229 may also drive other audio interfaces including a digital interfacesuch as SPDIF digital audio interface 231.

[0042] A video unit 232 receives video data from the memory bus 212 andconverts the video data into a digital display. The video unit 232handles multiple windows of video data and may operate in RGB, YUV, orother color formats as needed. The video unit 232 provides the digitaldisplay data to the digital video encoder 233 which converts the digitaldisplay data into the desired format (e.g., NTSC or HDTV) and providesthe digital video through a digital to analog converter (“DAC”) andfilter 234 to a composite, S-Video or component output. The digitalvideo encoder 233 also may output the video to a digital video interface(“DVI”) 235 using a DVI converter 236.

[0043] An MPEG decoder 238 is provided to decode MPEG streams. The MPEGdecoder also performs subsample decoding by reducing the frame size ofthe resulting decoded frame.

[0044]FIG. 3 is a block diagram illustrating an exemplary system datastore 228 in more detail. System data store 228 contains various data,including data useful for authenticating a receiver. Device uniquesecrets 310 should be kept confidential to retain maximum effectiveness.Device unique non-secrets 330 are used for authentication, but arepreferably maintained in some degree of confidence for added security.For example, in one embodiment, device unique non-secrets 330 are notpublished or generally accessible, but are used regularly for purposesof authentication and auditing.

[0045] Device unique secrets 310 include a 192-bits for hard disk 3DES(3 key) encryption key 312 and a 1024-bit RSA private key 314. The HDDkey 312 is used for encrypting HDD content and effectively ties the HDDcontent to a particular receiver. Attempts to access the HDD directlyreturn only encrypted content, and because the HDD key 312 is deviceunique, content on an HDD that has been moved to another receiver cannotbe decrypted by that receiver. The three (encrypt, decrypt, encrypt)3DES HDD keys 312 are symmetric encryption keys. Once a symmetricencryption key becomes generally known, it offers little, if any,protection, and therefore should be kept secret. 3DES is well-known tothose of ordinary skill in the relevant arts and will not be describedfurther.

[0046] The RSA private key 314 is used for authentication and may beused to exchange symmetric session keys. Private keys are paired withpublic keys. Data encrypted with a public key can only be decrypted withthe corresponding private key. While the public key generally isintended for disclosure, the private key should be maintained secret. Acommon authentication technique, known as a proof-of-possessionchallenge, involves asking the purported holder of a private key todecrypt a particular random number that has been encrypted with thecorresponding public key. Since the random number can only be decryptedwith the private key, decrypting the random number and using it in asubsequent operation proves that the purported holder in fact haspossession of the private key. More sophisticated uses of RSA privatekey 314 will be discussed below with respect to certificate 338. RSA iswell-known to those of ordinary skill in the relevant arts and will notbe described further.

[0047] Device unique non-secrets 330 include a 1024-bit RSA public key332 that corresponds to the 1024-bit RSA private key 314, a 16-byteserial number 334, a 2048-bit service provider public key 336, a420-byte certificate, reserved area 342, and a device birthmark 344.Note that not all data in system data store 228 is unique to aparticular receiver, but the combination of data in system data store228 is unique. For example, the service provider public key 336 may becommon to all receivers, whereas the serial number 334 is unique to eachreceiver. Therefore, it is only important for at least some portion ofsystem data store 228 to contain data that is unique to a particularreceiver.

[0048] The 2048-bit service provider public key 336 is the public key ofthe service provider (as opposed to a trusted third party) and is usedin conjunction with the 420-byte certificate 338 for authentication.Certificate 338 is a hash of the receiver's serial number and publickey, with the hash being signed by the private key that corresponds tothe service provider public key 336. The certificate is approximately420 bytes: 128 bytes for the RSA public key 332; 16 bytes for serialnumber 334; 20 bytes for the hash; 256 bytes for the signature; plus anyencoding overhead. Examples of popular hashing algorithms include themessage digest version 5 (“MD5”) algorithm and the secure hash algorithmversion 1 (“SHA-1”). However, the present invention does not necessarilyrequire the use of hashing or any particular hashing algorithm.

[0049] An exemplary mutual authentication process between a localreceiver and a gateway receiver may occur as follows. The local receiverinitiates the authentication sequence of messages by sending hiscertificate to the gateway receiver. The gateway receiver validates theservice providers digital signature (by hashing the data in thecertificate and applying the appropriate digital signature verificationalgorithm using the service provider's RSA public signature key which isin ROM), extracts the local receiver's RSA public key, and generates aproof-of-possession challenge as described in more detail below.

[0050] The challenge is a random number chosen by the gateway receiverwhich is encrypted in the local receiver's public RSA key. The gatewayreceiver then sends this encrypted random number and his own certificateto the local receiver. Only a local receiver in possession of thecorresponding private key can decrypt this random number. When the localreceiver gets these two pieces of data, he decrypts the challenge withhis RSA private key, validates the gateway receiver's certificate (asdescribed above), and creates an analogous proof-of-possession challengefor the gateway receiver. Within these two messages (receiver to gatewayand gateway to receiver), the two receivers mutually authenticate eachother and establish a first symmetric encryption (session) key to beused in subsequent communications between them. Subsequentcommunications may include digital video and audio data, as well asadditional authentication data like the local receiver's birthmark.

[0051] Note that the certificate 338 permits a chain of trust to beestablished. The gateway receiver trusts the service provider's publickey 336. Using the service provider's public key, the gateway receiveris able to authenticate the local receiver and add the local receiver tothe gateway receiver's chain of trust. In one embodiment, the gatewayreceiver stores the public key of each local receiver that authenticateswith the gateway receiver in a transaction table that is sent to theaudit service when the gateway receiver authenticates. The localreceiver is able to authenticate the gateway receiver in a similarfashion. This allows the gateway receiver to be added to the localreceiver's chain of trust.

[0052] The reserved area 342 is for future expansion. In particular, theDigital Transmission Content Protection (“DTCP”) standard for IEEE 1394uses a device private key of 160 bits for full authentication and otherkeys of 192 bytes for restricted authentication. DTCP also specifiespublic (common constants) parameters: 160 bits for EC-DH groupparameters, 160 bits for the coefficient of the elliptic curvepolynomial (as well as other constants), and 98 bytes for a devicecertificate are reserved by the Digital Transmission Licensing Authority(“DTLA”). (DTLA is the body responsible for the DTCP standard.) Thepresent invention does not necessarily require a copy control mechanismand is not limited to any particular copy control policy.

[0053] Device birthmark 344 helps assure the integrity of system datastore 228. The device birthmark is a signed hash of the system datastore 228 contents. As its name implies, device birthmark 344 is uniqueto each receiver. Hashing system data store 228 allows any changes to bedetected. Like certificate 338, the system data store hash is signedwith the service provider private key. Periodically, the audit servicereceives the birthmark of the gateway receiver and possibly the contentsof system data store 228 described above. Receiving the same birthmarkfrom multiple receivers indicates that a receiver has been cloned.Invalid birthmarks indicate a system data store and receiver that arenot authorized by the service provider. By receiving the contents ofsystem data store 228, the audit service is able to determine the extentof invalid content within the system data store. Duplicate and invalidbirthmarks suggest theft of service. The birthmark may be received inconjunction with the gateway receiver authenticating to an audit serviceand in conjunction with a local receiver authenticating to the gatewayreceiver. The contents of each system data store 228 may be created bythe audit service, delivered to a manufacturer on some type of storagemedia (separated by serial number), such as a CD, and added to eachsystem data store 228 at the point of manufacture. As an added level ofsecurity, the audit service could require that an authorizedmanufacturer sign all or a portion of the data store 228 contents.

[0054] Often, data stores, such as system data store 228, are physicallypackaged in a manner to inhibit reverse engineering or hacking. Forexample, data stores may be covered in an epoxy or employ other exoticpackaging techniques that interfere with the data store's operation ifthe package is subject to tampering. While secure packaging iseffective, it also increases costs. In some circumstances, the financialrisks associated with tampering may be economically insufficient tojustify the increased cost of a secure package. Nevertheless, securepackaging may be necessary to assure only authorized distribution ofcontent and services. As a result, expensive packaging may reduce theservice provider's revenue or increase the cost of a service toconsumers.

[0055] The security of system data store 228 may be enhanced in avariety of ways. For example, the location of data in the system datastore may be varied from one receiver or group of receivers to another.The order in which the data store is signed may be varied from onereceiver or group of receivers to another. The data store may beencrypted and the decryption keys received from the service providerover a secure communication channel. These additional levels of securityprevent a hacker who is able to crack a single receiver, from being ableto crack all receivers. Furthermore, one group of receivers may be soldonly to certain markets, such as a particular geographic market,allowing for the markets that are most susceptible to cloning and/orhacking to be identified.

[0056] In one embodiment, the order in which the data store is signedmay be varied by changing the physical order in which the device uniquesecrets 310 and device unique non-secrets 330 are stored within the datastore. In common practice, data is laid out sequentially within memory.In contrast, in one embodiment of the present invention data is laid outin memory in a non-sequential fashion that is determined by a“scrambling algorithm.” The scrambling algorithm generates anon-repeating sequence of memory locations within the data store to beused to store the device unique secrets 310 and the device non-uniquesecrets 330.

[0057] For example, this “scrambling algorithm” of the order in which touse memory locations within the data store may be accomplished with acyclic permutation algorithm. A prime number unique to a receiver isstored in system data store 228; the prime number is larger than thesize of the data region to be scrambled by the scrambling algorithm. Bycycling through the device unique secrets 310 and device uniquenon-secrets 330, a permutation map may be created. An exemplaryalgorithm might operate as follows, generating the sequence

g,g² mod p, g³ mod p, . . . , g^(p-1) mod p,

[0058] where g is a constant generator of the cyclic group Z_(p), and pis the prime number. (Note that the mod p applies to the (g{circumflexover ( )}x) expression, not just the exponent, i.e., (g{circumflex over( )}2) mod p as opposed to g {circumflex over ( )}(2 mod p), etc.) Thissequence of p integers is a permutation of the sequence 1, 2, 3, . . . ,p−1; each integer between 1 and p−1 inclusive will appear exactly oncein the sequence g, g² mod p, g³ mod p, . . . , g^(p-1) mod p, Scramblingthe location of data within the system data store and/or the order inwhich data within the system data store is signed to create birthmark344, allows a relatively inexpensive and insecure component, such as anEEPROM, to store system data with a fair degree of confidence that thedata is secure.

[0059] It should be noted that the present invention does not requireany particular encryption, hashing, digital signing, authentication, orother cryptographic technology. The specific references to SHA-1, 3DES,RSA, etc., are exemplary only, and should not be interpreted aslimitations on the present invention. Cryptographic support for digitalsignatures, encryption, block ciphers, hashes, etc., may be provided inhardware, software, and/or combinations of hardware and software.Furthermore, the identification of specific data and data sizes withrespect to system data store 228 is also exemplary. Many othercryptographic techniques, data, and data size are possible and should beconsidered to fall within the scope of the present invention.

[0060] The present invention also may be described in terms of methodscomprising functional steps and/or non-functional acts. The followingdescription of acts and steps that may be performed in practicing thepresent invention, correspond to FIGS. 4-5. Usually, functional stepsdescribe the invention from a perspective of results that areaccomplished, whereas non-functional acts describe more specific actionsfor achieving a particular result. In some circumstances, several actsmay be combined to achieve the results of a particular step. Althoughthe functional steps and non-functional acts may be described or claimedin a particular order, the present invention is not necessarily limitedto any particular ordering of the acts and/or steps.

[0061]FIG. 4 is a flow diagram from the perspective of a receiver. Astep for receiving (410) digital content that is broadcast from at leastone content source may include an act of tuning (412) a gateway receiverto receive the digital content. A step for authenticating (420) one ormore local receivers may include acts of receiving (422) local receiverauthentication data and storing (424) a representation of the localreceiver authentication data, such as the local receivers public key.Certificate 338 and device birthmark 344 of FIG. 3 are examples ofauthentication data. A step for providing (430) one or more localreceivers with access to received digital content may include an act ofoutputting (432) the received digital content. The act of outputtingencompasses storing the digital content to a storage device, such as ahard disk, an optical disc, a memory, etc.; displaying the digitalcontent on a display device; and outputting the digital content to alocal receiver.

[0062] A step for authenticating (440 a and 440 b) to an audit servicemay include an act of retrieving (442) authentication data from a readonly or write-once memory and an act of sending (444) the authenticationdata to the audit service. Again, device birthmark 344 and certificate338 of FIG. 3 are examples of authentication data. A step forestablishing (450) an encrypted communication channel with the auditservice may include an act of connecting (452) to the audit service andan act of encrypting (454) the connection to the audit service.

[0063]FIG. 5 is a flow diagram from the perspective of an audit service.The audit service tracks (510) authentication information. Thisauthentication information allows the audit service to identifyparticular receivers. In one embodiment, the audit service tracks theserial number and public key for each receiver. In another embodiment,the audit service tracks the contents of each receiver's system datastore. When the audit service receives (520) authentication data, suchas certificate 338 shown in FIG. 3, from a gateway receiver, the auditservice determines whether the certificate was signed by the serviceprovider's private key. If so, the audit service challenges the node tosign a specified random number to prove that the receiver has possessionof the corresponding private key. A nonce value may be used to detectreplay attacks. In one embodiment, a certificate is used to authenticatea gateway receiver during initial activation of the gateway receiver.

[0064] At times, the audit service receives a device birthmark asauthentication data. For example, after initial activation, a gatewayreceiver may periodically contact the audit service, such as tocommunicate billing information. The authentication data also mayinclude a representation of authentication data for local receivers thathave authenticated to a gateway receiver. The audit service verifies(530) the digital signature of the birthmark. For example, the auditservice may track a copy of at least a portion of the system data storeof each receiver to use in verification or data derivable from at leasta portion of the system data store. In one embodiment, the audit servicetracks the hash value used to create the birthmark for each receiver'ssystem data store. Next, the audit service compares (540) the receivedauthentication data with tracked authentication information. Based onthe received authentication data, the audit service identifiespotentially fraudulent receivers. If the same birthmark is received frommultiple receivers, the audit service may determine that a receiver hasbeen cloned. An invalid birthmark suggests an unsuccessful andunauthorized attempt to create a system data store. If a certificate orbirthmark for a particular receiver is never received, the audit servicemay determine that receivers are being used for unauthorized purposes.Because the service provider may subsidize the purchase of a receiver,it may be important to identify receivers that fail to contact the auditservice.

[0065] The present invention may be embodied in other specific formswithout departing from its spirit or essential characteristics. Thedescribed embodiments are to be considered in all respects only asillustrative and not restrictive. The scope of the invention is,therefore, indicated by the appended claims rather than by the foregoingdescription. All changes which come within the meaning and range ofequivalency of the claims are to be embraced within their scope.

What is claimed is:
 1. In a system comprising one or more receivers thatare capable of receiving digital content broadcast from one or morecontent sources, wherein at least some digital content is intended onlyfor authorized receivers, a method of authenticating a receiver so thatpotentially fraudulent receivers may be identified, the methodcomprising acts of: tuning a gateway receiver to receive digital contentthat is broadcast from at least one content source; outputting thereceived digital content; connecting to an audit service that is capableof authenticating the gateway receiver; and sending to the auditservice, authentication data that comprises data which should be uniqueto the gateway receiver, wherein the authentication data permits theaudit service to identify potentially fraudulent receivers that send (i)invalid authentication data or (ii) authentication data that is notunique to a particular receiver.
 2. A method as recited in claim 1,further comprising an act of encrypting the connection to the auditservice.
 3. A method as recited in claim 1, wherein the authenticationdata comprises a digital signature created by digitally signing at leasta portion of the data which should be unique to the gateway receiverwith a private key, and wherein the audit service is capable ofverifying the digital signature.
 4. A method as recited in claim 3,wherein the order in which data is signed to create the digitalsignature varies from one group of one or more gateway receivers toanother.
 5. A method as recited in claim 1, wherein the data whichshould be unique to the gateway receiver is stored in a memory, andwherein a storage location of a least a portion of the data varies fromone group of one or more gateway receivers to another.
 6. A method asrecited in claim 1, wherein the data which should be unique to thegateway receiver is stored in a memory that is arranged in accordancewith a cyclic permutation algorithm.
 7. A method as recited in claim 1,wherein the data which should be unique to the gateway receivercomprises a hard disk encryption key, a private/public key pair, aserial number, a public key for authenticating the audit server, and agateway receiver certificate.
 8. A method as recited in claim 1, whereinauthorized receivers are receivers with a valid subscription to receivethe at least some digital content.
 9. A method as recited in claim 1,wherein the authentication data is stored in either a read only memoryor a write-once memory, and wherein the method further comprises an actof retrieving the authentication data from either the read only memoryor the write-once memory.
 10. A method as recited in claim 1, whereinthe gateway receiver is coupled to one or more local receivers, themethod further comprising acts of: receiving local receiverauthentication data from each of the one or more local receivers,wherein the local receiver authentication data comprises data whichshould be unique to each of the one more local receivers; outputting thereceived digital content to the one or more local receivers; storing arepresentation of the local receiver authentication data; and sendingthe representation of the local receiver authentication data to theaudit service, whereby the audit service is able to identify the one ormore local receivers coupled to the gateway receiver.
 11. A method asrecited in claim 1, further comprising an act of either (i) storing thedigital content on a nonvolatile storage device, or (ii) displaying thedigital video content on a display device.
 12. A method as recited inclaim 1, wherein the digital content comprises subscription-basedcontent that is broadcast to the gateway receiver over a satellite orcable link, and wherein the authentication data is sent to the auditservice over an Internet connection.
 13. In a system comprising one ormore receivers that are capable of receiving digital content broadcastfrom one or more content sources, wherein at least some digital contentis intended only for authorized receivers, a method of authenticating areceiver so that potentially fraudulent receivers may be identified, themethod comprising steps for: at a gateway receiver, receiving digitalcontent that is broadcast from at least one content source; providingaccess to the received digital content through the gateway receiver;establishing an encrypted communication channel with an audit servicethat is able to authenticate the gateway receiver; and authenticating tothe audit service, wherein authentication permits the audit service toidentify potentially fraudulent receivers that (i) authenticateimproperly, or (ii) authenticate with data that is not unique to aparticular receiver.
 14. A method as recited in claim 13, wherein thestep for authenticating to the audit service comprises an act of sendingauthentication data to the audit service, the authentication datacomprising a digital signature created by digitally signing at least aportion of data which should be unique to the gateway receiver with aprivate key, and wherein the audit service is capable of verifying thedigital signature.
 15. A method as recited in claim 14, wherein theorder in which data is signed to create the digital signature variesfrom one group of one or more gateway receivers to another.
 16. A methodas recited in claim 14, wherein the authentication data is stored in amemory with the order of use for one or more individual memory locationsbeing scrambled.
 17. A method as recited in claim 14, wherein the datawhich should be unique to the gateway receiver is stored in a memory,and wherein a storage location of a least a portion of the data variesfrom one group of one or more gateway receivers to another.
 18. A methodas recited in claim 14, wherein the data which should be unique to thegateway receiver comprises a hard disk encryption key, a private/publickey pair, a serial number, a public key for authenticating the auditserver, and a gateway receiver certificate.
 19. A method as recited inclaim 14, wherein the authentication data is stored in either a readonly memory or a write-once memory, and wherein the step forauthenticating to the audit service comprises an act of retrieving theauthentication data from either the read only memory or the write-oncememory.
 20. A method as recited in claim 13, wherein the gatewayreceiver is coupled to one or more local receivers, the method furthercomprising steps for: authenticating the one or more local receivers;providing the one or more local receivers with access to the receiveddigital content; and identifying the one or more local receivers to theaudit service.
 21. A method as recited in claim 13, wherein the digitalcontent comprises subscription-based content that is broadcast to thegateway receiver over a satellite or cable link.
 22. For a systemcomprising one or more receivers that are capable of receiving digitalcontent broadcast from one or more content sources, wherein at leastsome digital content is intended only for authorized receivers, acomputer program product that implements a method of authenticating areceiver so that potentially fraudulent receivers may be identified, thecomputer program product comprising a computer readable medium forcarrying machine-executable instructions that implement the method,wherein the method comprises acts of: tuning a gateway receiver toreceive digital content that is broadcast from at least one contentsource; outputting the received digital content; connecting to an auditservice that is capable of authenticating the gateway receiver; andsending to the audit service, authentication data that comprises datawhich should be unique to the gateway receiver, wherein theauthentication data permits the audit service to identify potentiallyfraudulent receivers that send (i) invalid authentication data or (ii)authentication data that is not unique to a particular receiver.
 23. Acomputer program product as recited in claim 22, the method furthercomprising an act of encrypting the connection to the audit service. 24.A computer program product as recited in claim 22, wherein theauthentication data comprises a digital signature created by digitallysigning at least a portion of the data which should be unique to thegateway receiver with a private key, and wherein the audit service iscapable of verifying the digital signature.
 25. A computer programproduct as recited in claim 25, wherein the order in which data issigned to create the digital signature varies from one group of one ormore gateway receivers to another.
 26. A computer program product asrecited in claim 22, wherein the data which should be unique to thegateway receiver is stored in a memory, and wherein a storage locationof a least a portion of the data varies from one group of one or moregateway receivers to another.
 27. A computer program product as recitedin claim 22, wherein the data which should be unique to the gatewayreceiver is stored in a memory that is arranged in accordance with acyclic permutation algorithm.
 28. A computer program product as recitedin claim 22, wherein the data which should be unique to the gatewayreceiver comprises a hard disk encryption key, a private/public keypair, a serial number, a public key for authenticating the audit server,and a gateway receiver certificate.
 29. A computer program product asrecited in claim 22, wherein authorized receivers are receivers with avalid subscription to receive the at least some digital content.
 30. Acomputer program product as recited in claim 22, wherein theauthentication data is stored in either a read only memory or awrite-once memory, and wherein the method further comprises an act ofretrieving the authentication data from either the read only memory orthe write-once memory.
 31. A computer program product as recited inclaim 22, wherein the gateway receiver is coupled to one or more localreceivers, the method further comprising acts of: receiving localreceiver authentication data from each of the one or more localreceivers, wherein the local receiver authentication data comprises datawhich should be unique to each of the one more local receivers;outputting the received digital content to the one or more localreceivers; storing a representation of the local receiver authenticationdata; and sending the representation of the local receiverauthentication data to the audit service, whereby the audit service isable to identify the one or more local receivers coupled to the gatewayreceiver.
 32. A computer program product as recited in claim 22, themethod further comprising an act of either (i) storing the digitalcontent on a nonvolatile storage device, or (ii) displaying the digitalvideo content on a display device.
 33. A computer program product asrecited in claim 22, wherein the digital content comprisessubscription-based content that is broadcast to the gateway receiverover a satellite or cable link, and wherein the authentication data issent to the audit service over an Internet connection.
 34. For a systemcomprising one or more receivers that are capable of receiving digitalcontent broadcast from one or more content sources, wherein at leastsome digital content is intended only for authorized receivers, acomputer program product that implements a method of authenticating areceiver so that potentially fraudulent receivers may be identified, thecomputer program product comprising a computer readable medium forcarrying machine-executable instructions that implement the method,wherein the method comprises steps for: at a gateway receiver, receivingdigital content that is broadcast from at least one content source;providing access to the received digital content through the gatewayreceiver; establishing an encrypted communication channel with an auditservice that is able to authenticate the gateway receiver; andauthenticating to the audit service, wherein authentication permits theaudit service to identify potentially fraudulent receivers that (i)authenticate improperly, or (ii) authenticate with data that is notunique to a particular receiver.
 35. A computer program product asrecited in claim 34, wherein the step for authenticating to the auditservice comprises an act of sending authentication data to the auditservice, the authentication data comprising a digital signature createdby digitally signing at least a portion of data which should be uniqueto the gateway receiver with a private key, and wherein the auditservice is capable of verifying the digital signature.
 36. A computerprogram product as recited in claim 35, wherein the authentication datais stored in a memory with the order of use for one or more individualmemory locations being scrambled.
 37. A computer program product asrecited in claim 35, wherein the order in which data is signed to createthe digital signature varies from one group of one or more gatewayreceivers to another.
 38. A computer program product as recited in claim35, wherein the data which should be unique to the gateway receiver isstored in a memory, and wherein a storage location of a least a portionof the data varies from one group of one or more gateway receivers toanother.
 39. A computer program product as recited in claim 35, whereinthe data which should be unique to the gateway receiver comprises a harddisk encryption key, a private/public key pair, a serial number, apublic key for authenticating the audit server, and a gateway receivercertificate.
 40. A computer program product as recited in claim 35,wherein the authentication data is stored in either a read only memoryor a write-once memory, and wherein the step for authenticating to theaudit service comprises an act of retrieving the authentication datafrom either the read only memory or the write-once memory.
 41. Acomputer program product as recited in claim 34, wherein the gatewayreceiver is coupled to one or more local receivers, the method furthercomprising steps for: authenticating the one or more local receivers;providing the one or more local receivers with access to the receiveddigital content; and identifying the one or more local receivers to theaudit service.
 42. A computer program product as recited in claim 34,wherein the digital content comprises subscription-based content that isbroadcast to the gateway receiver over a satellite or cable link.
 43. Ina system comprising one or more receivers that are capable of receivingdigital content broadcast from one or more content sources, wherein atleast some digital content is intended only for authorized receivers, amethod of auditing the one or more receivers to identify potentiallyfraudulent receivers, the method comprising acts of: trackingauthentication information for a plurality of gateway receivers, whereinthe authentication information comprises information which should beunique to each gateway receiver; receiving, from one or more gatewayreceivers that receive digital content broadcast from one or morecontent sources, authentication data that comprises data which should beunique to each gateway receiver; comparing the received authenticationdata with the tracked authentication information; and identifying atleast one gateway receiver that has (i) provided valid authenticationdata that is unique to the at least one gateway receiver, (ii) providedinvalid authentication data, (iii) provided authentication data that isnot unique to the at least one gateway receiver, or (iv) not establishedcontact and therefore not provided any authentication data.
 44. A methodas recited in claim 43, wherein the authentication data comprises adigital signature created by digitally signing at least a portion of thedata which should be unique to each gateway receiver with a private key,the method further comprising an act of verifying the digital signaturewith a corresponding public key and the tracked authenticationinformation.
 45. A method as recited in claim 43, wherein the order inwhich data is signed to create the digital signature varies from onegroup of one or more gateway receivers to another.
 46. A method asrecited in claim 43, wherein the authentication data is received fromthe one or more gateway receivers on a periodic basis.
 47. A method asrecited in claim 43, wherein at least one gateway receiver provides oneor more local receivers with access to digital content that is receivedby the at least one gateway receiver, and wherein each of the one ormore local receivers provides local receiver authentication data to theat least one gateway receiver, the method further comprising acts of:for each of the one or more local receivers, receiving a representationof local receiver authentication data from the at least one gatewayreceiver; and identifying at least one local receiver that has (i)provided valid local receiver authentication data that is unique to theat least one local receiver, (ii) provided invalid local receiverauthentication data, (iii) provided local receiver authentication datathat is not unique to the at least one local receiver, or (iv) notestablished contact and therefore not provided any local receiverauthentication data.
 48. A method as recited in claim 43, wherein thedigital content comprises subscription-based content that is broadcastto the one or more gateway receivers over a satellite or cable link. 49.For a system comprising one or more receivers that are capable ofreceiving digital content broadcast from one or more content sources,wherein at least some digital content is intended only for authorizedreceivers, a computer program product that implements a method ofauditing the one or more receivers to identify potentially fraudulentreceivers, the computer program product comprising a computer readablemedium for carrying machine-executable instructions that implement themethod, wherein the method comprises acts of: tracking authenticationinformation for a plurality of gateway receivers, wherein theauthentication information comprises information which should be uniqueto each gateway receiver; receiving, from one or more gateway receiversthat receive digital content broadcast from one or more content sources,authentication data that comprises data which should be unique to eachgateway receiver; comparing the received authentication data with thetracked authentication information; and identifying at least one gatewayreceiver that has (i) provided valid authentication data that is uniqueto the at least one gateway receiver, (ii) provided invalidauthentication data, (iii) provided authentication data that is notunique to the at least one gateway receiver, or (iv) not establishedcontact and therefore not provided any authentication data.
 50. Acomputer program product as recited in claim 49, wherein theauthentication data comprises a digital signature created by digitallysigning at least a portion of the data which should be unique to eachgateway receiver with a private key, the method further comprising anact of verifying the digital signature with a corresponding public keyand the tracked authentication information.
 51. A computer programproduct as recited in claim 49, wherein the order in which data issigned to create the digital signature varies from one group of one ormore gateway receivers to another.
 52. A computer program product asrecited in claim 49, wherein the authentication data is received fromthe one or more gateway receivers on a periodic basis.
 53. A computerprogram product as recited in claim 49, wherein at least one gatewayreceiver provides one or more local receivers with access to digitalcontent that is received by the at least one gateway receiver, andwherein each of the one or more local receivers provides local receiverauthentication data to the at least one gateway receiver, the methodfurther comprising acts of: for each of the one or more local receivers,receiving a representation of local receiver authentication data fromthe at least one gateway receiver; and identifying at least one localreceiver that has (i) provided valid local receiver authentication datathat is unique to the at least one local receiver, (ii) provided invalidlocal receiver authentication data, (iii) provided local receiverauthentication data that is not unique to the at least one localreceiver, or (iv) not established contact and therefore not provided anylocal receiver authentication data.
 54. A computer program product asrecited in claim 49, wherein the digital content comprisessubscription-based content that is broadcast to the one or more gatewayreceivers over a satellite or cable link.